Univention Bugzilla – Bug 37698
UCS@school Samba4 Slave DC is sometimes not detected by 93_samba4_check_dc_selection
Last modified: 2019-02-05 21:20:09 CET
The test case written for Bug 34223 indicates that samba seems to be a bit flaky on a UCS@school S4 Slave (e.g. with Samba4 on master): net ads lookup' command execution, STDERR: ads_connect: No logon servers ads_connect: No logon servers Didn't find the cldap server! The 'Domain Controller:' line was not found in the output from 'net ads lookup', i.e. no Domain Controllers were located. http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/SambaVersion=s4/15/testReport/90_ucsschool/93_samba4_check_dc_selection/test/ Look like sometimes it works, sometimes not. We should check if this points to a problem in UCS@school.
Ignore me, the test actually provokes this intentionally by stopping samba4..
We need to check this, there seems to be some flakyness at least in s4-school-only: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/SambaVersion=s4-school-only/15/testReport/90_ucsschool/93_samba4_check_dc_selection/test/
Temporary disabled the test, should be re-enabled after the bug is fixed. r58514: * 90_ucsschool/93_samba4_check_dc_selection; 90_ucsschool/92_samba4_check_denied_user_creation; 90_ucsschool/95_samba4_client_join_on_slave: Disabled tests until respective bugs are resolved (Bug #37700 and other).
The test case 95_samba4_client_join_on_slave still fails. I've tried to check the Samba debug while trying to login as new computer account: ----------------------------------------------------------------------------- [2015/12/22 23:11:15.438397, 3, pid=28780] ../source3/smbd/sesssetup.c:185(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2015/12/22 23:11:15.438543, 3, pid=28780] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth) Got user=[WIN7TY8BNK$] domain=[TEST] workstation=[MASTER] len1=24 len2=332 [2015/12/22 23:11:15.438701, 3, pid=28780] ../source4/auth/ntlm/auth.c:270(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [TEST]\[WIN7TY8BNK$]@[MASTER] auth_check_password_send: mapped user is: [TEST]\[WIN7TY8BNK$]@[MASTER] [2015/12/22 23:11:15.442561, 3, pid=28780] ../libcli/auth/ntlm_check.c:309(ntlm_password_check) ntlm_password_check: NO NT password stored for user WIN7TY8BNK$. [2015/12/22 23:11:15.442771, 3, pid=28780] ../libcli/auth/ntlm_check.c:443(ntlm_password_check) ntlm_password_check: Lanman passwords NOT PERMITTED for user WIN7TY8BNK$ [2015/12/22 23:11:15.443327, 2, pid=28780] ../source4/auth/ntlm/auth.c:429(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [TEST\WIN7TY8BNK$] FAILED with error NT_STATUS_WRONG_PASSWORD [2015/12/22 23:11:15.443567, 2, pid=28780] ../auth/gensec/spnego.c:716(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_WRONG_PASSWORD [2015/12/22 23:11:15.443914, 3, pid=28780] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/sesssetup.c(269) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE -----------------------------------------------------------------------------
If I use the test script, supplementalCredentials is not set for the windows client. If I join a normal Windows client, the attribute is set. The test script uses samba.net.Net.join_member
I've disabled the second case. r75019: * 90_ucsschool/61_samba4_login: Disable case 2 (Bug #37698)
This issue has been filled against UCS@school 4.0. The maintenance with bug and security fixes for UCS@school 4.0 has ended on May 31, 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.